I recently blogged about a large number of spam that has been hitting mailboxes with fascinating subject lines such as “herb.s help.s”, “make it bigger”, “she loves being on film” and a host of other less savory, witty and eye-catching titles. The SPAM kept getting through, even with commercial anti-spam products and RBLs enabled, including relays.ordb.org, bl.spamcop.net, zen.spamhaus.org and cbl.abuseat.org. Today, however, the tide seems to be turning against the spammers and I’ve noticed a decrease of over 80%!
A quick check using the ‘about my IP blacklist check‘ on some of the IP addresses used in the SPAM emails shows that Spamcop, at least, has started to successfully identify most of the spamming computers involved. Remember, these are machines that are infected with trojans or viruses. The spammers have taken them over and are using them illegally to send out SPAM, having turned them into spambots. The best way for us to defeat the problem is to ensure that everyone has quality technical support looking over their computers regularly and protecting their networks from attack. In reality, most people don’t even know that they have an infected computer and as a result, don’t contact anyone to help them. One sign that your computer is infected is if it’s running slower than you think it should, or strange things are happening on it – like windows opening that you didn’t expect to open.
If you’re running an email server and would like to start using a RBL to block spam, I recommend starting off with Spamcop. So far they are the quickest at identifying spammers and adding them to the blacklist. I’ve included a step by step process here to add Spamcop to your Exchange server. You should ensure that you’re running the latest version of Exchange Server 2003 with Service Pack 2 or above installed.
- Open Exchange System Manager
- Expand ‘Global Settings’ and right click on ‘Message Delivery’, then select properties
- Go to the ‘Connection Filtering’ tab
- Click on Add, type in the display name Spamcop and DNS Suffix ‘bl.spamcop.net‘
- Click OK and then apply
Here’s a screenshot of what your exchange server screen should look like when done: